Pool Cannibalization

Remember, in a pay-per-share model, a miner is not incentivized to give their mining pool any valid blocks.

There’s no extra reward to the individual for finding a share that gives the pool a block.

Is there a way that we can exploit this incentive misalignment? Turns out there is! You might have started to predict the attack by now.

If we get paid out for finding near-valid shares, why not just get paid for work without submitting valid blocks? This is known as pool cannibalization.

You may recognize the person in this image on the right side of the slide.

This is Hannibal Lecter, the fictitious cannibal from the TV show “Hannibal.” Just as Hannibal is a person who consumes other people, pools can “consume” parts of other pools through pool cannibalization.

The way we “consume” other pools is that if we have a decent amount of mining power, we can distribute some of our power into other pay-per-share schemes, but for these pools, we don’t submit valid blocks.

This way, we can get paid by those other pools without increasing their revenue.

With pool cannibalization, we increase our own personal profit to the detriment of other pools.

The advantage of this attack is that it’s very hard to detect in small amounts.

Let’s go ahead and show why this is the case through some calculations.

Let’s first establish some assumptions.

Let’s say we have 30 hashes per second of power in our pool, and the total network has 100 hashes per second.

Easily, we see that we have 30 percent of the network hashrate.

On top of that, there’s a current block reward of 1 bitcoin per block.

These numbers are for simplicity’s sake to set up the stage for the pool cannibalization analysis and not at all representative of real world conditions.

With basic statistics, we can calculate an expectation of profit per block.

This is the average profit made per block, which is not to be confused with the actual profit per block.

If we have thirty percent of the network hashrate, this means we are also expected to get thirty percent of the blocks in the longest chain.

By implication, we are also expecting to earn thirty percent of the total mining rewards on average, which is 0.3 bitcoins per block.

Now that we’ve established this scenario, let’s consider something: we buy a bit more hardware, currently worth 1 percent of the total network hashrate.

Let’s consider what we can do with this extra mining power.

The standard, simple thing to do with this extra mining power is to add it to our own resources.

This means we have 31 hashes per second, and the total network has 101 hashes per second.

We now have 30.69 percent of the total hashrate.

This means that our increase in profit is 0.0069 bitcoins from our extra hardware.

But how can we leverage our previous knowledge about pay-per-share pools? Well, by doing something mean but profitable: distributing our 1 unit of mining power among all the other pools — the other 70% of the network hash power.

However, we make sure that we do not add to their revenue.

We withhold any valid blocks while submitting all other shares.

The result is that the pools pay out to us — because we’re still submitting shares — but do not gain any benefit from our hash power — since we don’t submit valid blocks.

What that looks like in this particular scenario is this: the rest of the pools are 70 parts honest, 1 part dishonest.

By honest, we mean mining and submitting valid blocks.

Dishonest is disobeying this intent and withholding valid blocks, and that’s what we’re doing.

What this means is that the effective hashrate of the other pools has not changed: it’s still 70%.

However, the mining pools are still paying out to us.

This means that our expected value of mining with this one percent of hashpower ends up being 0.0098 bitcoins.

You’ll notice a scary conclusion.

Dishonesty is more profitable than honesty! We’ve just shown that it’s more profitable to cannibalize pools than to mine directly through our own pool.
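The two figures above can be reproduced exactly, along with the side of the calculation a pool operator cares about: how little each honest member's payout moves, which is why the attack is hard to detect in small amounts. This is an added example, not part of the original lecture; the function names are hypothetical, and it assumes the other pools split their block revenue pro rata over all shares submitted, which is what the 0.0098 figure implies.

```python
from fractions import Fraction

def honest_gain(own, network, extra, reward=1):
    """Extra expected reward per block from adding `extra` hashrate to our own pool."""
    before = Fraction(own, network)
    after = Fraction(own + extra, network + extra)
    return (after - before) * reward

def withholding_gain(own, network, extra, reward=1):
    """Expected payout per block for `extra` hashrate that submits shares to
    the other pools but withholds every valid block."""
    others = network - own  # honest hashrate in the other pools
    # Withheld blocks never reach the chain, so the effective network
    # hashrate (and therefore the other pools' revenue) is unchanged.
    others_revenue = Fraction(others, network) * reward
    # Assumption: that revenue is shared in proportion to submitted shares,
    # so the withholder collects extra / (others + extra) of it.
    return others_revenue * Fraction(extra, others + extra)

def honest_member_dilution(own, network, extra):
    """Fractional drop in payout per unit of hashrate seen by honest members
    of the other pools. This is the only signal the victims observe."""
    others = network - own
    return Fraction(extra, others + extra)

if __name__ == "__main__":
    own, network, extra = 30, 100, 1  # the lecture's numbers
    h = honest_gain(own, network, extra)
    w = withholding_gain(own, network, extra)
    d = honest_member_dilution(own, network, extra)
    print(f"mine honestly in own pool : +{float(h):.5f} BTC/block")
    # 7/710 is about 0.00986; the text truncates this to 0.0098.
    print(f"withhold in other pools   : +{float(w):.5f} BTC/block")
    print(f"honest members' payout dip: {float(d):.2%}")
```

With the lecture's numbers, honest members of the other pools see their per-hash payout fall by 1/71, about 1.4%, which is small next to the normal variance of block discovery.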

This is a scary deduction that we’ve made, but it doesn’t stop here.

If it’s more profitable for any pool to do this, then what does that look like across the network? Will pools all start cannibalizing each other? Is everyone going to start being dishonest for profit? Are pools going to wage war on each other through this attack?

Nash Equilibrium and the Tragedy of the Commons